Re: Restricted view of the filesystem

[guenther <guenther rudersport de>]

> In a deployment scenario, the desktop administrator should ideally be
> able to define a restricted set of directories which users in a
> profile will be able to view.  For example, a user may only be allowed
> to view the contents of his home directory and its subdirectories.
[...]

> Thoughts/comments/suggestions are welcome :-).

Clearly, this is just about defining "a view", not security related in
any sense of the word, right?

If you are thinking security, this is the wrong approach. File ownership
and permissions do this, or ACLs. This is not the duty of the graphical
interface to handle and enforce. Can these users log in via a virtual
terminal? Can they launch gnome-terminal, xterm, bash... Or even emacs?

What is wrong with seeing the contents or /usr/share/icons? Ever set a
custom icon for a launcher? What is bad about seeing the contents
of /usr/share/man? Yelp does display man pages... This list goes on and
on.

Btw, would that GConf key you proposed be owned by the user? ;)

  guenther


-- 
char *t="\10pse\0r\0dtu\0  ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}